State Attorneys General criticize Equifax for conduct after breach
CONCORD — New Hampshire's Attorney General has joined other attorneys general, expressing their concerns of the recently disclosed data breach at Equifax and the way the company has handled the situation.
Equifax. founded in 1899, is a consumer credit reporting agency that collects information on over 800 million individual consumers and more than 88 million businesses internationally.
The Atlanta-based company, one of the three major American credit agencies, recently announced that a cyber breach occurred between mid-May and July 2017. Equifax reported that hackers attacked a U.S. website application to access files, leaving 143 million people at risk for identity theft. Among that information was consumers' names, Social Security numbers, birth dates, home addresses, and driver's license numbers.
Since that announcement, Equifax set up a website where people could check if their information was stolen, as well as a telephone number that consumers could call for more information. Equifax also offered free credit monitoring to all Americans for an entire year.
Today, 34 of the 50 State Attorneys General endorsed a letter sent to Equifax in which they communicated their concerns of this breach and hopes to meet with executives in the near future to discuss these things further.
The letter places blame on Equifax for their failure to apply a necessary patch to its software. It lists their issues with the company's conduct since the announcement of the breach.
These State Attorneys General criticized the website and hotline set up for consumers, the terms of service that require consumers to waive their rights, the offer of competing fee-based and free credit monitoring services, and the charges consumers incurred for a security freeze with other companies.
The letter detailed the problems with Equifax's website and hotline, which are aimed to help consumers affected by the data breach. The State Attorneys General said they received reports of long wait times and an inability to get through to the call center.
The letter explained that the state offices received many complaints of complicated terms of service for the free credit monitoring offered by Equifax. These terms of service possibly required consumers to give up "certain rights." The letter stated that it wasn't until the state offices strongly urged Equifax to remove these questionable terms of service that they actually did.
The State Attorneys General condemned Equifax's supposed attempt to make a profit from this breach that was their own fault.
The letter then criticized Equifax for offering a fee-based credit monitoring service along with the free service. The free service was more difficult to find on the website and consumers were confused thinking they had to pay for a service after being left at risk in the first place.
Finally, the letter expressed the Attorneys General concerns about the charges consumers incurred for a security freeze with other credit monitoring companies. These companies, Experian, TransUnion and Innovis, are direct competitors of Equifax.
While Equifax is not charging a fee for its own security freeze, the letter said many consumers were unhappy with a fee incurred for security freezes with other companies.
"We believe Equifax should, at minimum, be taking steps to reimburse consumers who incur fees to completely freeze their credit," the letter stated.
The State Attorneys General letter encouraged Equifax to follow their suggestions and meet with their staff to address the issues outlined in the letter.